On May 2-3, the US Legal team’s Ilona Levine and Kristen Lincoln attended the Global Privacy Summit (“Summit”) held by the International Association of Privacy Professionals (“IAPP”).
Ilona writes: Every year for the last five years that I have attended the Summit, it has been breaking its previous attendance record. This year was no exception with over 4,000 privacy professionals gathering in Washington, DC. This congregation of worldwide privacy professionals, from DPAs to top regulators to newly minted privacy professionals, underscores the growing importance of privacy and data protection issues.
This year’s Summit provided attendees with the opportunity to choose sessions from a breadth of different topics in the privacy field, including everything from the newly passed California Consumer Protection Act, to practical tips on how to handle global data security incidents, to privacy risks associated with artificial intelligence and cryptocurrency.
The Summit was kicked off by a panel of European regulators, including: Helen Dixon, the Irish Data Protection Commissioner; Elizabeth Denham, the U.K Information Commissioner; and Andrea Jelinek, the Head of the Austrian Data Protection Authority and Chairwoman of the European Data Protection Board. The first question asked of the panel was the question almost everyone in the room had on their minds, “When will we see the first GDPR fines?” The panelists explained that while the enforcement actions and resulting penalties are certainly coming, investigations take time and it is important to conduct investigations properly because they set precedent. The panelists were uniform in their message about investigations, communicating that their goal is to explain the reasons for imposing fines so that these reasons can then guide other controllers in their privacy practices.
Not surprisingly, many sessions this year were focused on the California Consumer Protection Act (“CCPA”), the first of its kind privacy law in the United States. During the “Privacy as a Movement” session, the panelists drew comparisons between the CCPA and the GDPR, concluding that both statutes are more similar to each other than different. The similarities between the two privacy laws extend to rights given to data subjects, including the right to have one’s data secured and protected, as well as the right to access or delete one’s data. Both laws require businesses to report data breaches to individuals and encourages transparency in business and data collection.
The panelists also stressed that while the CCPA is a California law, companies will have a hard time treating customers differently based on their geographical location. Future laws, like the CCPA, will also require companies to respect individual rights, do proper privacy risk assessments, and ensure transparency in data collection and use practices. As Julie Brill, Deputy General Counsel of Microsoft, noted at the Summit, “companies must shift their view of privacy compliance from one of governance to one of operations.”
Joseph Simons, Chairman of the Federal Trade Commission, spoke at the Summit about the future of a federal data privacy law and the agency’s enforcement strategies. He said that California’s passage of the CCPA will make federal lawmakers move faster and result in a proposed draft of a federal privacy bill which will preempt state law in regulating the same conduct.
In conclusion, the Summit once again accomplished its goal of inspiring, educating and informing thousands of privacy professionals to do the right thing when it comes to protecting privacy. There is no doubt, as best-selling author, Margaret Atwood, noted in her keynote address at the Summit, that the privacy profession is no longer viewed as a “small yappy dog” because everyone starts paying attention to privacy once their privacy is violated. And, as Dani Shapiro, another best-selling author stated, we live in times “when secrets are tumbling out” because of technology advances. It is no surprise to those in the privacy profession that privacy is finally taking center stage and is no longer simply viewed as a compliance afterthought.
At OVHcloud, we understand privacy is a key issue for consumers and continue to stay ahead of the discussions.